00D31059 on DB2 9 for z/OS

Darren Kilpatrick

December 23, 2010 08:09 AM

Hello,
I am getting a resource unavailable message with the code 00D31059
Type 1004 when connecting to a remote DB2. Both DB2 systems are DB2
9 NFM for z/OS. I have set up the entries in Ipnames and Locations
catalog tables. I am using the DSNREXX plan, and have put the owner
name for the plan on each system in the usernames table (authid and
newauthid columns). I also put my id in that table as well. Type
1004 is Location.AuthorizationID.Plan. The odd thing is that it
references the Local subsystem, my ID on the Remote system, and
plan name (DB2W.A999X99.DSNREXX). Also, the error message
mentions a RACF PassTicket. Does something need to be set up in
VTAM for that?

James Campbell

Explanation: An attempt to allocate a conversation to the remote
site failed because DB2 was unable to obtain a RACF PassTicket. The
user specified an 'R' in the SECURITY_OUT (see below) column of the
SYSIBM.IPNAMES and/or SYSIBM.LUNAMES communications database (CDB)
tables for the partner site. As a result, DB2 invokes RACF to
extract a PassTicket for the partner site. However, RACF could not
provide a PassTicket, and the attempt failed.

The error usually occurs due to incorrect or missing RACF
definitions. To avoid this error, specify the proper RACF
definitions to provide for the PassTicket. Alternatively, you may
avoid the use of PassTickets by changing the SECURITY_OUT column of
the SYSIBM.IPNAMES and/or SYSIBM.LUNAMES CDB table for the partner
site. For information regarding PassTickets, refer to Part 3
(Volume 1) of DB2 Administration Guide.

SECURITY_OUT:
The value that is used for an outbound request is either the DB2
user's authorization ID or a translated ID, depending on the value
in the USERNAMES column. The translated ID is used to build the
RACF PassTicket. Do not specify R for CONNECT statements with a
USER parameter.
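
The following queries are an added example, not part of the original posts. They show one way to check, on the requesting DB2, whether the CDB rows for the partner site ask for a PassTicket (SECURITY_OUT = 'R') and which outbound ID translation rows apply. The location name 'REMOTELOC' is a placeholder.

```sql
-- Added example: inspect the outbound security settings in the CDB
-- for one partner location. 'REMOTELOC' is a placeholder; substitute
-- the LOCATION value used on the CONNECT.

-- TCP/IP partners: SYSIBM.LOCATIONS -> SYSIBM.IPNAMES -> SYSIBM.USERNAMES
SELECT L.LOCATION,
       L.LINKNAME,
       I.SECURITY_OUT,   -- 'R' means DB2 asks RACF for a PassTicket
       I.USERNAMES,      -- 'O' means outbound ID translation is requested
       U.AUTHID,         -- local ID (blank applies to all IDs)
       U.NEWAUTHID       -- translated ID used to build the PassTicket
  FROM SYSIBM.LOCATIONS L
  JOIN SYSIBM.IPNAMES I
    ON I.LINKNAME = L.LINKNAME
  LEFT OUTER JOIN SYSIBM.USERNAMES U
    ON U.TYPE = 'O'
   AND (U.LINKNAME = I.LINKNAME OR U.LINKNAME = ' ')
 WHERE L.LOCATION = 'REMOTELOC'
 ORDER BY U.LINKNAME DESC, U.AUTHID;

-- SNA partners: the same check against SYSIBM.LUNAMES,
-- where LOCATIONS.LINKNAME matches LUNAMES.LUNAME.
SELECT L.LOCATION,
       N.LUNAME,
       N.SECURITY_OUT,
       N.USERNAMES,
       U.AUTHID,
       U.NEWAUTHID
  FROM SYSIBM.LOCATIONS L
  JOIN SYSIBM.LUNAMES N
    ON N.LUNAME = L.LINKNAME
  LEFT OUTER JOIN SYSIBM.USERNAMES U
    ON U.TYPE = 'O'
   AND (U.LINKNAME = N.LUNAME OR U.LINKNAME = ' ')
 WHERE L.LOCATION = 'REMOTELOC'
 ORDER BY U.LINKNAME DESC, U.AUTHID;
```

A row with SECURITY_OUT = 'R' and no matching RACF PassTicket definition for the partner is the situation the 00D31059 explanation describes.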


James Campbell

A PassTicket is a program-generated character string that can be
used in place of a password, with the following constraints:

· A specific PassTicket may be used for authentication
once.

· The PassTicket must be used within 10 minutes of being
generated.

· To ease the problem of system time differences, a specific
PassTicket can be used up to 10 minutes earlier or later in a
target system, compared to the generating system.

Front end programming interface (FEPI) security can generate a
PassTicket for use on a target system. The PassTicket can be used
anywhere a password can be used.

Note: The PassTicket generation and validation algorithm means that
the system that creates the PassTicket and the system that
validates it must both use the same level of this function. That
is, if the creating system has the function applied, and the
validating system does not, the PassTicket is invalid.

For more information about the system time differences, and the use
of the PassTicket within the 10 minute interval, see the z/OS
Security Server RACF Security Administrator's Guide.

Use the PTKTDATA resource class to define profiles that contain the
encryption key used for generating and validating PassTickets.

A profile is added for each APPLID that receives sign-ons with
PassTickets.
